Fixed uid space only half full? (was: Fedora User Management (revisited))

Axel Thimm Axel.Thimm at ATrpms.net
Sun Mar 11 10:24:08 UTC 2007


On Sun, Mar 11, 2007 at 09:45:57AM +0100, Nicolas Mailhot wrote:
> On Sunday, 11 March 2007 at 01:12 +0100, Axel Thimm wrote:
> > On Sat, Mar 10, 2007 at 05:32:03PM +0100, Nicolas Mailhot wrote:
> > > Please can we kill the "fixed UID are useless", [...]
> > 
> > > The *only* problem is this range is full, not that it should or should
> > > not exist. Any other argument is not worth the bytes expended on it.
> 
> > Maybe some quick review will give us 42 *fixed* uids, and I'm
> > sure that's more than enough for the next 1-2 years (e.g. until
> > F9/10/RHEL6). And until then we can talk with the LSB to change the
> > system fixed/non-fixed uid ranges and prepare a sensitive and
> > compliant setup to last for the next decade.
> 
> IMHO trying to be smarter at fixed UID attribution is a dead end. We've
> been hitting the limit for some years now, and getting smart just didn't
> happen.

I don't think we tried to get smarter. Whenever this came up the
legitimate question was posed whether the package in question really
needed a fixed uid or would also work with non-fixed ones, and it
always turned out that it didn't really need fixed uids (last one was
gkrellm IIRC).

> It won't now — it's just too much work to evaluate the threshold
> between fixed/dynamic (taking into account past or future versions of a
> package, build and configure options, local site usages, etc)

The 42 uid mentioned above *are* free. Even if I missed a few, I'm
quite sure that we have about 30 uids immediately for disposal.

> A KISS policy "every rpm-created system ID has a fixed uid referenced in
> this table" is the only sane approach. Except for the problem of
> short-sighted range limit, UIDs are cheap and not worth spending hours
> over.

As long as we have the limitation (imposed by LSB and long-standing
practices) and lifting it means planning in years, uids aren't really
that cheap. OTOH they are cheaper than anticipated if everyone thinks
they are full, while there's 1/3 or more free.
-- 
Axel.Thimm at ATrpms.net